Speaker: Manos Antonakakis, School of Electrical and Computer Engineering (ECE), GA Tech
Location: Marcus Nanotechnology 1117-1118
Date/Time: March 29, 2017, 12:00n – 1:00pm (Lunch at 11:30am)
Title: Using DNS & Machine Learning to Reason About Internet Abuse
Abstract: The Domain Name System (DNS) is a critical component of the Internet. The critical nature of DNS often makes it the target of direct cyber-attacks and other forms of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit network operations. For example, modern malware and Internet fraud techniques rely upon the DNS to locate their remote command-and-control (C&C) servers, through which new commands from the attacker are issued, which serve as exfiltration points for the information stolen from the victim’s computer, and which are used to manage subsequent updates to their malicious toolset.
In this talk, I will discuss how we can reason about Internet abuse using DNS and various machine learning methods. After providing an overview of DNS, botnets and their illicit activities, I will discuss how spectral methods can help us model one of the most agile threats on the Internet: the botnets that employ Domain Name Generation Algorithms (DGAs). Then, we will discuss ways that tensors can help us track virtual illicit actors across the Internet. Finally, I will conclude by discussing some open research problems in computer security where machine learning methods should be the key ingredient for any efficient and effective solution.
Bio: Manos Antonakakis, Ph.D., is an Assistant Professor in the School of Electrical and Computer Engineering (ECE), and adjunct faculty in the College of Computing (CoC), at the Georgia Institute of Technology. He is responsible for the Astrolavos Lab, where students from both CoC and ECE conduct research in the areas of Network Security, Intrusion Detection, and Data Mining. In May 2012, he received his Ph.D. in Computer Science from the Georgia Institute of Technology. Before joining the ECE faculty, Professor Antonakakis held the Chief Scientist role at Damballa, where he was responsible for advanced research projects, university collaborations, and technology transfer efforts. He currently serves as the co-chair of the Academic Committee for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). Dr. Antonakakis is the author of several U.S. patents and academic publications. He served as an external reviewer or a program committee member for leading information security conferences. He has successfully raised funding from multiple government agencies and organizations in the private sector. He is a member of the Institute for Information Security & Privacy (IISP) at Georgia Tech and contributed to its predecessor, the Georgia Tech Information Security Center (GTISC).